Bishop Fox Hybrid Application Assessment Methodology
Overview of Bishop Fox’s methodology for hybrid application penetration testing.
Learn how Bishop Fox conducts a Hybrid Application Assessment.
Bishop Fox’s hybrid application assessment combines the real-world attack techniques of application penetration testing with a targeted source-code review to more thoroughly identify security vulnerabilities in the application.
The assessment team begins by running automated scans of the deployed application and its source code. The team then takes a deeper dive, analyzing the scan results and manually reviewing potential security vulnerabilities. Next, the team assesses the application’s architecture and business logic to locate any design-level issues. Finally, the team validates the findings by manually exploiting the vulnerabilities and reviewing relevant design issues.
This methodology document provides an overview of the following phases of the assessment process:
- Pre-assessment
- Discovery, Testing, and Code Analysis
- Analysis and Reporting